Phishing – How to Protect Yourself Against Threats


I am a little “behind” when it comes to the murky world of the internet and phishing. Even for the most intrepid of users, the ever-changing face of Internet scamming is complicated to keep up with. Nonetheless, I was a little surprised, today, when I was installing updates to my Internet Explorer browser and one of the choices I was asked to make was whether or not I wanted to have each and every web page I visit checked for “phishing.” Come again?

Perhaps I’d better look into this…

The last time I checked, the closest approximation to phishing I could have unearthed would have involved a hackey-sack, plenty of smoke, and endless jams that tested the patience of even the most diligent of Dave Matthews Band refugees. What could my IE have against phishing?

As it turns out, there is a little more to this issue than I had imagined. Phishing, according to Wikipedia, is a criminal activity using social engineering techniques. More than your basic worm or virus, which usually rely on your willingness to click on a cryptic link from an unfamiliar email address, phishing actually masquerades as a trusted correspondence to gain your trust and fool you into providing protected information, like passwords or credit card numbers, to the phisherman.

Phishing is phucked, to be sure, and the likelihood that you could be a victim of phishing is growing. The best way you can protect yourself is to be aware.

Several weeks ago, I received an email from “PayPal” informing me that there had been a breach in the security of my account. Alarmed, I immediately logged into my PayPal account and could detect nothing amiss. Rather than respond to the email I had received, I chose to contact PayPal directly through the messaging service on the site (I have yet to hear back from them).

Upon beginning my research into phishing, I discovered an example of the technique via PayPal that looked remarkably similar to the email correspondence I received from “PayPal.” Weeks have passed, and there is still no discrepancy in my PayPal account. Not having previous knowledge about phishing, or the techniques used to commit fraud, I am only grateful that I chose to respond directly to PayPal, and not to the sender of the email.

So, what should you watch out for to protect yourself? There is a list. According to Wikipedia, there are three common types of phishing: link manipulation, website forgery, and phone phishing.

Link manipulation is the most common form of phishing. It involves the creation of a spoof website (a website that mimics a known and trusted site) and then creating links to the spoofed site. Often, the spoofed websites will differ from the valid sites in subtle ways, like small misspellings in the URLs, or the use of subdomains. Although savvy Internet users may learn to spot evidence of phishing through link manipulation, for the more basic users like me, the best practice is to employ “universal precautions” when responding to unsolicited emails. Never respond to an unsolicited or confusing email from any organization responsible for any sort of financial dealings by replying to the email. Instead, message the organization in question directly from their website, describe the communication, and ask them to validate it.
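For readers who want to see the two tell-tale signs above (a small misspelling, or a trusted name tucked into a subdomain) checked mechanically, here is an added example that is not part of the original article. The trusted site `mybank.example`, the sample links, and the "last two labels" shortcut for finding the real domain are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a hypothetical allow-list of sites the reader actually uses.
TRUSTED = {"mybank.example"}

def registrable(host):
    """Naive registrable domain: the last two labels (no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, trusted=TRUSTED):
    """Return 'trusted', 'subdomain-trick', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable(host)
    if reg in trusted:
        return "trusted"
    labels = host.split(".")
    for site in trusted:
        brand = site.split(".")[0]
        # Trusted name appears only as a subdomain of someone else's domain.
        if brand in labels[:-2]:
            return "subdomain-trick"
        # Real domain is a one- or two-character misspelling of the trusted one.
        if 0 < edit_distance(reg, site) <= 2:
            return "lookalike"
    return "unrelated"

# Constructed sample links, as they might appear in an unsolicited email.
SAMPLES = [
    "https://www.mybank.example/login",
    "http://mybank.example.account-check.test/login",
    "http://mybnak.example/",
    "https://news.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):16} {link}")
```

A link that comes back as anything other than "trusted" is a reason to go to the organization's website directly instead of clicking.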

Website forgery is a particularly ominous form of phishing that uses JavaScript commands to alter the address bar, either by placing an image of the legitimate site’s URL over the address bar, or by replacing the URL of the phishing site with that of the legitimate site, thereby masking the occurrence from the user.

What about phone phishing?

Well, this is considered old school, much simpler, and often leaves users as vulnerable, or more so, to being phished than the higher-tech methods. In phone phishing, users receive a message claiming to come from a bank or other institution that holds sensitive financial information of its members, instructing them to call a customer service number regarding a problem with their account. When responding, users will be instructed to enter their account numbers and PINs in order to begin the process of resolving the problem.

While I acknowledge that I am not terribly tech savvy, I am suspicious by nature and generally think of myself as intelligent and open-minded to the insipid dealings of the far-too-bored-and-smart. My save on the “PayPal” email issue was due to this. However, ignorant of phishing techniques, it was only a matter of time before someone got me. I hope this simple article from a tech-deficient simpleton will help some of you.